Tuesday, March 23, 2010

Firefox 3.6.2 released to fix critical security issue

I have patched my copy and have no issues other than having to tweak a couple of add-ons to make them work with 3.6.2. All of the stories below have links to more info.

US-CERT Current Activity
The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues, including a critical vulnerability that may allow a remote attacker to execute arbitrary code.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

* Review the Firefox 3.6.2 release notes.
* Review Mozilla Foundation Security Advisory 2010-08.
* Upgrade to Firefox 3.6.2

Additional information regarding this vulnerability, including a workaround for users who cannot upgrade, can be found in the Vulnerability Notes Database.

Official Mozilla blog entry:
Firefox 3.6.2 Released at Mozilla Security Blog
Mozilla has accelerated its timetable and released Firefox 3.6.2 ahead of schedule. This release contains a number of security fixes, including a fix to Secunia Advisory SA38608 which was previously discussed on this blog when we were first made aware of and were then able to confirm the issue.

For additional information please see Mozilla Foundation’s Security Advisory MFSA-10-08 as well as the Firefox 3.6.2 Release Notes. We urge users to promptly update to this release by selecting “Check for Updates…” from the “Help” menu, or by visiting https://www.mozilla.com/ for a free download.

Other reports:

No comments: